Re: Security via Sounding Impressive
Jonathon Tidswell <t-jont@microsoft.com> writes:
>
> Supposedly Nick Szabo <szabo@netcom.com> wrote:
>
> | I've noticed an interesting pattern in how security mechanisms are named.
> | On the one hand, we have some security features with very impressive sounding
> | names:
> |
> | Certification *Authority*
> | *Authorization*
> | *Trusted* Server
> | *Master* Key
> | etc.
>
> I wonder what historical context makes people give these words some
> (undeserved?) emotional weight?
> Perhaps it's the implication of the proper use of appropriate
> techniques/mechanisms?

Some people use these sorts of words carefully, and use them where it is
more a question of policy than mechanism. There is no mathematical
formula that can tell you who ought to be granted which rights; some
person in a position of authority has to make that decision. They may
encode their judgement into a mechanism, but determining that the
mechanism does what the person intended is difficult.

Unfortunately, it is all too common for a label to be attached to
something in the hope that this will magically cause the implied
properties to appear. For example, it is much better to call a server
"trusted" than "trustworthy"; it does at least make it possible to
argue that there is a decision to be made about trust (this example is
taken from a real incident!)

Owen Rees
<rtor@ansa.co.uk>, <URL:http://www.ansa.co.uk/Staff/rtor.htm>
Information about ANSA is at <URL:http://www.ansa.co.uk/>.